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A Simple Proof of a Generalized ChurchrRosser Theorem 



B. J. MacLennan 
Computer Science Department 
Naval Postgraduate School 
Monterey, CA 93943 

Abstract 

Abstract calculi (tree transformation systems, term rewriting systems) express com- 
putational processes by transformation rules operating on abstract structures (trees). 
They have applications to functional programming, logic programming, equational pro- 
gramming. productions systems and language processors. 

We present a proof of the Church-Rosser Theorem for a wide, useful class of abstract 
calculi. This theorem implies that terminating reductions always yield a unique 
reduced form in these calculi, which has the practical result that transformation rules 
can be seifely applied in any order, or even in parallel. Athough this result has previ- 
ously been established for certain classes of abstract calculi, our proof is much simpler 
than previous proofs because it is an adaptation of Rosser’s new (1982) proof of the 
Qiurch-Rosser Theorem for the lambda calculus. 

1. Introduction 

A calculus has the C7iiirc/i-/?osser Property if any terminating reduction of a formula of 
the calculus always yields the same reduced form. The C7iitrc/i-/?osser Theorem, origi- 
nally proved in 1936 [5], implies that the lambda calculus has the Church-Rosser Pro- 
perty, In this paper we prove that the Church-Rosser Property holds for a certain wide, 
useful class of abstract calculi (also known as tree transformation systems and term 
rewriting systems). 

Abstract calculi are increasingly relevant, due to their applications in functional 
programming [l. 3. 10], logic programming [6, 8. 17], equational programming [4, 9. 
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14, 15, 16] and production systems [19, 20]. The Church-Rosser properties of abstract 
cadculi have been previously investigated [2l]. Our proof differs from its predecessors 
in making use of an adaptation of a new, simplified proof of the Church-Rosser Theorem 
first presented by Rosser in 1982 [22], Rosser’s new proof is a vast improvement on its 
predecessors [2, 5, 7, 11, 12, 13, 18, 21, 23], and for the first time makes it feasible to 
prove the Church-Rosser Theorem in classroom situations. 

2. Definitions and Notation 
2.1 Syntax 

Atoms, FormiUas and Lists: ¥e assume a denumerably infinite universe of atoms. A 
formula can either be atomic, which means it is an atom, or nonatomic, which means 
it is an expression of the form (Fi Fz • • • F^), in which the Fi eu-e formulas and n>0. 
Formulas are required to be finite. Nonatomic formulas are often called lists. A list of 
depth one is a list all of whose elements are atoms. A list of depth n>l is a list contain- 
ing at least one list of depth 7i—l. 

Abstract CoIcxUxls; An abstract calculus is a pair <S, R> in which S is a set of atoms, 
called the reserved symbols of the calculus, and R is a set of transformation rules 
satisfying the following definition. 

Transformation Rules. Each transformation rules has the form A=>S in wliich A and 

are formulas. A is called the analysis part or pal tern of the rule, and S is called the 
synthesis part or template of the rule. Atoms in A are called pattern constants if they 
are reserved symbols of the calculus, and are called pattern variables if they are not. 
We do not permit rules to be universally applicable, a notion defined next. 

Uniuersally Applicable Rules: A rule is called universally applicable if its analysis 
part is atomic but not a reserved symbol. That is, it is a rule of the form x^S in which 

■s 

X is a pattern variable. We discuss later the reasons we do not permit universally 
applicable rules. A rule is nonuniversally applicable if its analysis part is either a list 
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or a reserved symbol. 



ZJZ Semantics 

Substitution: If x is an atom and X and V are formulas, then X[x = V] refers to the 
result of substituting V for all occurrences of x. This operation can be defined recur- 
sively as follows: 

(X,Xz ••• A-n)[x = 7] => iXi[x = V]X 2 [x = V] ••• X^[x = V]) 

x[x = V] => V 

y[x = V^ => y, if y is atomic and X 7^1/ 

If the atoms x^,xz Xj^ are all distinct, then we write X[xi = Vi,xs=Vs Xn = V„] 

for X[x 1 = 7, ][X 2 = Vz] ■ • • [x„ = V; ]. 

Notice that substitution satisfies the following property: 

M[xi=Xi Xra=Xn][yi=Yi ] 

= M[x,=Xr[y,= Yi yn=Yn] x^=Xm[yi=Y, y„=r„]] 

Matching and Transformation: We say that a formula X matches the analysis part of a 

rule i4=>5 if there are formulas Vi such that X = ^[ui = Fi '^n-Yn]> where 

T/j, , ,Vn are the pattern variables of /4. If this is the case then we can apply the rule 
to X to )deld 5[u,= Vi '^n-Yn\ 

Subformvlas: A formula X is called a subformida of a formula Y if there is some for- 
mula M and atom x in M such that Y = A/[x=.Y|. X is called a proper subformnla of Y 
if this M is nonatomic. 

Reduction: We say that a transformation rule reduces a formula F to a formula Z if 
that rule can be applied to a subformula of Y. That is. if F = M[x=X\ and the transfor- 
mation rule when applied to X yields W , then we say the transformation rule reduces F 
to Z = M\x-W\. More precisely, if A=>.S is the rule, F = M\x=X\ and X - 

A[vi-Vi Vn = Vnl then Z = Mix = W], where W = 5[vi=F, kreduc- 

tion is a finite sequence of formulas Xi Xn, such that for each Xi there is a 
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transforruaLion rule that reduces Xi to Xi^i. We say that a formula X can be reduced to 

a formula Y when either X-Y or there is a reduction Xi Xn such that X-X\ and 

Xn — Y. A formula is in reduced form when none of the transformation rules can be 
applied to it. 

Walks: We call a reduction from X to F a walk and write ‘X walk Y' when the reduc- 
tion satisfies the walk restriction. Informally the walk restriction says that the reduc- 
tion must proceed from the inside out. That is, we can never apply a transformation 
rule to a subformula W of X, and then later in the reduction sequence transform a sub- 
formula (proper or otherwise) of W , Of course, the walk restriction does not constrain 
the order in which rules are applied to nonoverlapping subformulas. 

Diarnand Property: A relation R has the diamond property M X R X^ and X R X^ 
implies that there exists an X* such that Xi R X* and X 2 R X\ 

ZJ3 Restrictions 

Ambiguous Rides: A set of transformation rules is ambiguous if there exist distinct 
rules and in the set such that there is a formula X that matches both A 

and A\ 

Conflicting Rules: Two transformation rules A^S and A'^S* (not necessarily dis- 
tinct) are conflicting if there is a formula that matches both A and a proper subpart of 
A\ That is, A=>5 and are conflicting if (l) A* can be written as .4/[x=F], where 

M is nonatomic, and (2) there are formulas Kj such that 

= A[yi = Vi where Uj are the pattern variables that appear in 3 

or A or both. Note that a transformation rule can conflict with itself. A set of transfor- 
mation rules is nonconflicting if none of the rules conflict with each other. 

Atomic Rules: A transformation rule is atomic if its analysis part is an atom. Since 
we require rules to be nonuniversally applicable, the only permitted atomic rules are 
those whose analysis part is a reserved symbol. A transformation rule is nonatomic if 
it is not atomic. A set of transformation rules is anti-atomic if all its rules are 
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nonatomic. 



UniversaUy Applicable Bides: We can now explain why we do not permit universally 
applicable rules. The first reason is that such rules are inherently ambiguous if they 
are combined with any other rules. This is because the analysis part of a universally 
applicable rule matches any formula (hence, their name). Therefore, the only unambi- 
guous calculus containing such a rule is the calculus that has only that rule. The 
second reason is that these rules are not very useful; Since these rules are always 
applicable, a calculus contcdning them has no terminating reductions and no reduced 
forms. 

3. Ifalks Have the Diamond Property 

Theorem: Walks have the diamond property in an abstract calculus with unambiguous, 
nonconflicting, anti-atomic rules . 

Proof: We must show that if X walkyYi and X walk ^2* then there is an X' such that 
Xi wadk X* and X2 walk X'. The proof is by induction on the size of X. 

Suppose X has size one, that is, X is an atom. Since the rules are anti-atomic there 
are no transformation rules applicable to X. Hence, X - X\ = X2 = X' satisfies the 
theorem. ITiis establishes the base of the recursion. 

Now suppose that X is nonatomic. There are four cases depending on whether or not 
the top level of X is transformed in each of the walks. X walk Xi and X walk Xz^ 

Case 1 : Suppose that the top level is transformed in neither walk. Now, since X is 
nonatomic. it can be written in the form A/[xi=f/i, . . . ,Xj^ = Un], where A/ is a list of 
atoms (i.e., list of depth one). Since the top level of X is not transformed, Xi can be 
written in the form and X2 can be written in the form 

= ^ = Since X waikXx we know [ 7 ^ walk 1 ^, for l^i^n. Similarly, 

since X walkX2i know Ui walk Wi, for Since the Ui are proper subparts of 

X, they are smaller than X, so we can apply the inductive hypothesis and conclude that 
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there are Yi such that Vi walk Yi and fVi walk Yi (l<i<n). We let X' = 
M[xi=Yr Xn = r„], 

We still must show that Xi walkX’ and X^ walk X'. But this is eas}^ since the formu- 
las Vi are nonoverlapping, walking them to the Yi cannot violate the W 2 dk restriction. 
Hence, walking the Vi individually to the Yi will walk Xi to X'. Similarly, we can walk X 2 
to X’. 

Case 8: Here we assume that the top level of X heis been transformed in the walk 
from X to X\, but not in the walk from X to Xg- However, to avoid violating the walk 
restriction, the top level transformation must have been the last step in the walk from 
X to X\. Hence the last step takes a formula Z into Xi by an application of a transfor- 
mation rule yl=>5, in which Z = A\yi-=Mi and Xi = 

Since this leist step is the only one to transform the top level of 

X, by the same reasoning as in Case 1 we know there is asiM of depth one such that 

X = M[xi=Ui x„ = 17„] 

Z = x^ = Vn] 

X2 = M[Xi=Wi Xn=W'n] 

Ui walk Vi, Ui walk Wi, for 

Now, since A matches the top level of X, A can be written in the form 
.W[xi=4i. . , XJ^=A,t ], Applying properties of the substitution operator Z can be writ- 

ten in the form 

Z ~ A[vi—Mi 

= M\Xi = Ai x„=4»ir^'i=Afi 

M\x i — At\v > Xjj —An\yi—M\ 

Hence, 1^ = Ai\yi=Ui for 

By the inductive hypothesis we know there are Yi such that Vi walk Yi and 
Wi walk Yi, We claim that Yi must have the form Ai\vi=Qi, . . . ,Vfn-Qtn\> for 
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some Qi, l<i<n. If is the variable then this is trivially true; let = Y^;. If /\i is 
nonatomic, then the only way there could fail to be such Qj would be if the walk from K 
to Yi altered the top level structure of V^, that is, eliminated the Ai structure. But this 
would violate the nonconflicting restriction on rules, since it would require a transfor- 
mation rule with Ai on the top level of the analysis part. Since is a proper subpart of 
the analysis part of the rule i4=>5, we would have conflicting rules. Thus we know Yi = 

i4i[vi=9i We will take our X* to be S[vi-Q\, . . . = It remains 

to show that there are walks from Xi and Xz to this X\ 

In the case of Xi this is trivial. Note that since we have walk Yi, we also have 

Ai{Vi = Mi walk A['yi = 9l 'ym = 9m] 

We can separate out from this walk the individual steps that apply to each of the Mj. 

Thus we have Mj walk Qj, for Since Xi — S'[i;i=jWi we can walk 

each of the Mj in Xi individually to the corresponding Qj. Since the Mj do not overlap, 
the catenation of the Individual walks is itself a walk, so we have a walk from Xi to 
S[vi=9i. • ■ • But the latter is just X', so we have Xi walk^’. 

We now consider the walk from Xz to X'. Since Xz = M[xi = Wi Xn = fVn], we can 

wcdk each of the inrlivirtually to yielding Y = M\xy=Y^. ,a:„ = V’„ |. The catena- 
tion bf these individual walks is a walk, because the Wi are nonoverlapping. Hence 
there is a walk from Xz to Y. 

Now. since Yi = /li[vi=9i, • • = we can rewrite Y as follows: 

Y = M[x,= Y, x, = y,J 

= i/[Xi = Ai[v^ = Qi Vjn=Qml . . • . = 

— M\Xi—Ai 

— A\yi—Qi^ . . . ,' 1 ^ 771 — 9m] 

The latter matches the left-hand side of the transformation rule A^S, so we can apply 
this rule to 3 deld 5[vi=9i, . . . which is X\ The catenation of the walk from 
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Xz to Y with the transformation from Y to X' is a walk, since this transformation 
applies at the top level, and no previoxis rules applied at that level. Thus we have a 
walk from Xs to X’. This complete Case 2. 

Chse 3: This case is the opposite of Case 2; the top level is transformed in the walk 
from X to Xz but not in that from X to X\. The proof is exactly analogous to Case 2. 

Cttse 4: In this case the top level is transformed in both the walks, from X to X\ and 
from X to Xz- By the same reasoning as in Case 2, the last step in each of these walks 
must be a top level transformation. Thus we have a walk from to a formula Y such 
that the application of a rule A=^S to the top level of Y yields X\. Similarly we have a 
walk from .Y to a formula Z such that the application of a rule A'^S' to the top level of 
Z yields Xz- Since neither the walk from Y to K nor from Y to Y can have altered the 
top level structure of Y, we can write Y, Y and Z as substitutions into a depth one list 
M-. 

X = M[x,= Uu . . . .Xn = Un] 

Y = M[x^=V, X^ = Vn] 

z = M[xi=W, Xn=Wn] 

Wr know that Ui walk and f/j walk W^, so by Ihe inductive hypothesis there are Yi 
such that li walk 1^ and IKi walk Y^, all for Let Q = W[xi=yi x^-Yn^. 

We know that the top level of Y matches the left-hand side of and that the Lop 

level of Z matches the left-hand side of We intend to show that the Lop level of 

Q matches the left-hand side of both rules. From this, and the hypothesis that the 
rules are unambiguous, we will be able to conclude that the rules _4=^.S and are 

the same rule. Tlie remainder of the proof then follows easily. 

We now show that the top level of Q matches A. By the same reasoning as in Case 2 

we know that there are Ai such that Tj = 4i[ui=9i = where ai*e 

the pattern variables of A and A = ^[xi=.4i, . . , ,Xn=An]. Hence we can rewrite Q as 
follows: 
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Q = A/[xi=ri x„=r„] 

= M{xi - Ai{vi = Qi. . . . ,Vjn = Qm] An\vi=Qi = 

= M[x^=Ai X„=4v]bl=9l. ■ • • .'Vm = Qm] 

A \V 1 — 9 1^771 ^771 ] 

rhus the top level of Q matches A. Exactly analogous reasoning shows that the top 
.evel of Q match A'. Since our rules are unambiguous, we conclude that A=A' and 
?=S'. 

We now define X' to be ■5[t>i=9i. • ■ • It remains to show that Xi walkX’ 

uid Xz walk A"'. The reasoning is analogous to that used in Case 2. Since K walk Yi, 
we know 

'Um=^m] walk A[vi = Ql Vm = Qm] 

•ience we know Mj walk^,-, for Since Xi = S[vi=Mi, . . . ,v^ = Mm], we can 

valk each of the Mj Individually to Qj to yield = which is X'. 

Since the Mj are nonoverlapping, the catenation of these walks is a walk from Xi to X'. 
ilxactly the same reasoning applies to show a walk from Xz to X’. This completes the 
proof of Case 4, and hence the proof of the theorem. Q.E.D. 

L Reduction has the Diamond Property 

rhe following lemma shows that finite sequences of walks have the diamond property, 
fe use the notation Xi walk* A'tv to mean that there is a sequence of walks from Xi to 
Xn, that is, 

Xi walk Xz walk ■ ■ • walk Xn-i Wedk Xn 
Ke permit n = l, that is, Xi=Xn. 

Lemma; If X walk* Y and X walk* walk* Z then there is an X' such that Y walk* X' 
ind Z walk* X'. 

Proof: We prove a slightly stronger result: if there are m walks in the reduction of X 
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to y and n in the reduction of X to Z, then there is an X' that can be reached by n 
walks from Y and m walks from Z. 

The proof is by induction on the meiximum number of wedks in the reductions from X 
to Y and X to Z. If there are no walks, then X — Y — Z and m=n=Q so we cein take X' 
= X. This establishes the base of the induction. 

Now suppose that there are m walks in the reduction of X to y and n walks in the 
reduction of A" to Z: 

X walk Yi walk Yz walk • walk walk Yr,, = Y 

X walk Zi walk Zz walk • • • walk Z-n-i walk Z^ "= Z 

Case 1: Suppose Tn>n. Then we can apply the inductive hypothesis to the reductions 
from X to Ym-i and X to Z, since these both contain less them m walks. Hence there is 
a W such that I^-i reaches IK in n walks, and Z reaches IK in m— 1 walks. 

Since I^-i reaches Y by one walk and IK by n walks, and n<m (by supposition), we 
cem apply the inductive hypothesis again and conclude that there is an X' such that Y 
reaches X' by n walks and W reaches X’ by one walk. Hence we have found an X' such 
that Y reaches X' in n walks and Z reaches X' in m walks (since m— 1 take Z to W and 
one more takes fV to X'). This completes Case 1. 

Case 2: Suppose m=n. Apply the inductive hypothesis to the reductions fi-orn X to 
Yjn-i and from X to Zm-i- Thus there is a IK reachable from both Ym-\ and Z^-i in 
m— 1 walks. Apply the inductive hypothesis to the reductions from Tlri-i to Y and fK to 
get a U reachable from Z in m-l walks and from IK in one walk. Similarly there is a F 
reachable from IK in one walk and from Z in m, — 1 walks. Apply the inductive 
hypothesis one last time to the reductions from W to U and V to get an X' reachable 
from both U and Fby one wedk. Now, since Y reaches C/ by m— 1 walks, and U reaches 
X' by one walk, Y reaches X' by m walks. Similarly, Z reaches X' by m walks. This 
completes Ceise 2. 
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Case 3: Suppose m<n. This is proved exactly like Case 1. Hence the lemma is 
proved. Q.E.D. 

Lemma: Reduction has the diamond property in an abstract calculus with unambi- 
guous, nonconflicting, anti-atomic rules. 

Proof: Note that a single application of a transformation rule constitutes a legal walk 
(it takes at least two reduction steps to violate the walk restriction). Since finite 
sequences of walks have the diamond property, so do finite sequences of rule applica- 
tions. But a reduction is just a finite sequence of rule applications. Q.E.D. 

Theorem (Generalized Church-Rosser): Reductions have the diamond property in an 
abstract calculus with unambiguous, nonconflicting rules. 

Proof: This result differs from the previous in that we do not require the rules to be 
anti-atomic. It was convenient to restrict our attention to anti-atomic sets of rules 
when proving that walks have the diamond property. 

We define a one-to-one correspondence, called depth-raising, between formulas as 
follows. Depth-raising an atomic formula a yields the depth-one list (a). Depth-raising 
a list (Fi Fz • ■ • Fji) yields the list {{Fi Fz - ■ ■ F^), in which each Fi is the result of 
depth-raising the corresponding Fi. The effect of depth-raising is to double the 
number of parentheses surrounding lists, and to place single parentheses around 
atoms. For example, depth-raising {+ (sue 2) 3) yields 

(( ( + ) (( (sue) (2) )) (3) )) 

Depth-raising sets up a one-to-one correspondence between formulas and depth-raised 
formulas: for each formula there is exactly one depth-raised formula, eind for each 
depth-raised formula there is exactly one formula. The crucial point, of course, is that 
depth-raised formulas are nonatomic. 

We depth-raise an abstract calculus by depth-raising the analysis and synthesis 
parts of each of its transformation rules. Clearly a formula X matches the analysis 
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part of one of the original rules if and only if the depth-raised formula X matches the 
anedysis part of the corresponding depth-raised analysis part. In particular, an atomic 
formula a matches the analysis part of an atomic (but nonuniversally applicable) rule 
b=>S if and only if the depth-raised formula (a) matches the depth-raised rule (6)=t>5’. 

Similarly, one of the original rules transforms a formula X into a formula Y if and 
only if the depth-raised rule transforms X into Y. It is also clear that a depth-raised 
transformation rule will always yield a depth-raised formula. 

These observations adlow us to prove that reductions have the diamond property, 
even in the presence of atomic rules. Suppose we have an abstract calculus whose 
imles are unambiguous and nonconflicting, but may be atomic. Let X, Xi and ATg be any 
three formulas such that X reduces to Xi and Xz. Now consider the corresponding 
depth-raised calculus and the corresponding formulas X, Xi and ATg. Clearly AT reduces 
to Xi and ATg in the depth-raised calculus. Since the depth-raised calculus is anti- 
atomic, we know reductions in it have the diamond property. Hence there is a depth- 
raised formula X' such that both Xi and A'g reduce to AT' in this calculus. Therefore we 
know there is a depth-lowering X' of X' such that Xi and A'g reduce to X' in the original 
calculus. Hence reduction also has the diamond property in the original calculus. 
Q.E.D. 

Corollary: Reduced forms are unique in an abstract calculus with unambiguous, 
nonconflicting rules. 

Eroof: Suppose that we have a reduction from X to Y and a reduction from X to Z 
and that both Y and Z are in reduced form. Since reduction has the diamond property 
we know there is a W' such that Y reduces to fV and Z reduces to fV. But, since Y is in 
reduced form, no rules are applicable to it, so Y=fV. Similarly, Z=fV. Hence Y=Z and 
we see that reduced forms are unique. Q.E.D. 
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